IOS SSL VPN and Thin Client

Unanswered Question
Jan 21st, 2010

Hi All,

I have set up SSL VPN on a border C871 with port forwarding for Telnet and ssh access to inside C3845 routers. The inside router has an ACL enabled to control access on vty lines. When I remove the ACL, I can successfully telnet 3000 from the local PC to the inside router. When the ACL is enabled, I cannot access the router. One would think this is normal. But the problem is there even if I have a 'permit any' statement in the ACL to allow any access. Here is the script:


access-list 99 permit any
line vty 0 4
   access-class 99 in
   transport input all



C871 is in version c870-advipservicesk9-mz.124-15.T9.bin; and C3845 is in c3845-advipservicesk9-mz.124-9.T7.bin.

Any ideas on this would be appreciated.



james.bastnagel Fri, 01/22/2010 - 10:27


Can you post a copy of the ACL itself and confirm what port you are using for telnet access? From your post it appears that you may be using port 3000, but I am unclear on that piece.


Chuan Liu Mon, 01/25/2010 - 12:12

Hi James,

I cannot access even when the ACL has only one statement: access-list 99 per any.

In the SSL VPN router, port 3000 is defined for ssh.

port-forward "Core01"
   local-port 3000 remote-server "" remote-port 22

When connected from the laptop to the SSL VPN router, I telnet on 3000 from the DOS prompt.

When the above ACL is removed, the telnet is working.

Thanks for your idea,


